Re: A simple question
2003-04-20 11:25:59
At 01:00 PM 4/20/2003, Richard Carlson wrote:
At 07:20 PM 4/19/03 -0400, Keith Moore wrote:
> | To assign more than one address to every host means the host must have
> | an intelligent means of deciding which address to use.
>
> Yes, but the amount of intelligence actually needed is pretty minimal.
> (It is actually harder to decide between multiple available global
> prefixes, than to decide between global and site local - the former is
> a difficult problem, the latter is almost trivial).
disagree. the app can choose any global prefix and reasonably expect it to
work,

I completely disagree with this assumption. Firewalls and address filters
mean that no app can make any reasonable assumption. Some addresses will
work and others will fail. The app is left with no clues as to why the
connection failed. Assuming it's just a link failure and retrying
sometime in the future things will work is a recipe for user frustration.

modulo link failures. but when choosing between a global and a site
local the app needs to know whether the site local address will be valid for
the hosts that need to use it, and it has no way to know this. the app may
also have to choose which interface to use with the site-local prefix,
and it has no good way to know this either.

The decision process is not forced on the app/host by the existence of the
site-local prefix. It is due to the emergence of firewalls and address
filters. The reality is that non-global routing scopes exist today. The
question is - how do we provide some feedback to apps that they are trying
to cross a scope boundary that it's a permanent error condition (5xx in
SMTP verbiage)? One proposed notification method is the site-local
prefix. Other methods can be created, but something needs to be done and
simply killing site-locals and ignoring the underlying scoping issue is a
non-starter.

You mean aside from applications understanding that an ICMP Destination
Unreachable / Administratively Prohibited response from the site firewall?
For that matter, IPv6 machines arguably could try their Site Local address
and be given that same feedback from the border router or firewall, and use
the response as an indication to go use their assigned global address. It's
not clear to me that the host or application need contain the intelligence
(nor is there any way to determine scoping unassisted, IMO), however
through use of ICMP responses it certainly should be possible to determine
reachability or lack thereof. It may be useful to expand the responses
routers and firewalls give to hosts within sites to help accomplish this.
We have the problem of scoped addresses whether the "site local" mechanism
is retained or not. Providing guidance on the responses an application is
to receive in response to scoping controls (firewalls) would be useful
regardless. If this problem is worth solving for the already-common case of
firewalls, solving it for site-local addressing does not seem to be too
much of a stretch.
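
The ICMP feedback discussed in this message, as an added example that is not part of the original thread: a classifier that treats an ICMPv6 Destination Unreachable as a permanent or transient failure, and ignores any error whose embedded packet does not match a connection the application actually attempted, since ICMP errors are unauthenticated. The code values are those of RFC 4443, which postdates this thread; the function names and sample addresses are constructed, and checksum verification is left out.

```python
import ipaddress
import struct

# ICMPv6 Destination Unreachable (type 1) codes, per RFC 4443.
PERMANENT = {1: "administratively prohibited",
             2: "beyond scope of source address",
             5: "source address failed ingress/egress policy",
             6: "reject route to destination"}
TRANSIENT = {0: "no route to destination", 3: "address unreachable"}

def classify_unreachable(icmp, attempted):
    """Return (verdict, reason) for one ICMPv6 message (outer IPv6 header removed).

    attempted is the set of (src, dst) IPv6Address pairs the application has
    outstanding. Checksum validation is omitted here (assumption: done by the
    stack before the message reaches this code)."""
    if len(icmp) < 8 + 40:
        return ("ignore", "truncated")
    mtype, code, _cksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if mtype != 1:
        return ("ignore", "not destination unreachable")
    inner = icmp[8:48]                      # header of the packet that was refused
    if inner[0] >> 4 != 6:
        return ("ignore", "embedded packet is not IPv6")
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    if (src, dst) not in attempted:         # forged or stale error: do not act on it
        return ("ignore", "no matching attempt")
    if code in PERMANENT:                   # the "5xx" case: switch source address
        return ("try-next-source", PERMANENT[code])
    if code in TRANSIENT:
        return ("retry-later", TRANSIENT[code])
    return ("ignore", "unhandled code %d" % code)

def build_sample(code, src, dst):
    """Constructed ICMPv6 error carrying a minimal embedded IPv6/TCP header."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 6, 64)
    inner += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!BBHI", 1, code, 0, 0) + inner

if __name__ == "__main__":
    # Constructed case: site-local source refused at the site border.
    tried = {(ipaddress.IPv6Address("fec0::10"), ipaddress.IPv6Address("2001:db8::80"))}
    print(classify_unreachable(build_sample(1, "fec0::10", "2001:db8::80"), tried))
```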